by ReidZB
4706 days ago
I think SHA-2 should be "minor weakness discovered" (if not outright "unbroken"), not "weakened". At the onset of the SHA-3 competition, everyone was nervous about SHA-2: it appeared as though a good attack was inevitable, what with the cryptanalytic attacks on SHA-1. But as the competition went on, things got calmer. The attacks against SHA-2 that were so expected simply weren't coming[1]. And so now the status quo is that SHA-2 seems pretty darn safe, and the real focus of the SHA-3 competition shifted towards not necessarily having a direct replacement for SHA-2, in the sense of performance, but instead having a design that was sufficiently different to not allow SHA-2 attacks to apply to it. And Keccak is just that: quite different. Anyway, my point is that SHA-2 is mislabeled. Honestly, I think cryptographers recommend it the most out of any of the hash functions currently; SHA-3's software performance is rather... lacking.

[1] Some may argue that this is because cryptographers were focused on the SHA-3 candidates, but I'm not so sure.

Just stop what you're doing and look at scrypt, bcrypt or even PBKDF2-HMAC-SHA512 if you're thinking something that involves the words "passwords" and "fast hash function." (http://throwingfire.com/storing-passwords-securely/#notpassw...)
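
An added example, not part of the thread: password storage with two of the functions named in the comment above (scrypt and PBKDF2-HMAC-SHA512), using only Python's standard library. The record format, function names and cost parameters are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os

# Cost parameters are assumptions for this example; tune them to your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
PBKDF2_ITERATIONS = 210_000


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def _derive(scheme: str, password: str, salt: bytes, cost: int) -> bytes:
    pw = password.encode("utf-8")
    if scheme == "scrypt":
        # Memory-hard: n=2**14, r=8 needs about 16 MiB per derivation.
        return hashlib.scrypt(pw, salt=salt, n=cost, r=SCRYPT_R, p=SCRYPT_P,
                              maxmem=64 * 1024 * 1024, dklen=32)
    if scheme == "pbkdf2-sha512":
        return hashlib.pbkdf2_hmac("sha512", pw, salt, cost, dklen=32)
    raise ValueError(f"unknown scheme: {scheme}")


def hash_password(password: str, scheme: str = "scrypt") -> str:
    """Return a self-describing record: scheme$cost$salt$derived_key."""
    salt = os.urandom(16)  # fresh random salt for every password
    cost = SCRYPT_N if scheme == "scrypt" else PBKDF2_ITERATIONS
    key = _derive(scheme, password, salt, cost)
    return f"{scheme}${cost}${_b64(salt)}${_b64(key)}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and cost, then compare in constant time."""
    try:
        scheme, cost, salt_b64, key_b64 = record.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(key_b64)
        actual = _derive(scheme, password, salt, int(cost))
    except ValueError:
        return False  # malformed record, bad base64, or unknown scheme
    return hmac.compare_digest(actual, expected)
```

Storing the scheme and cost inside each record lets the cost be raised later: old records still verify and can be re-hashed at the user's next successful login.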